Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,350
Erlang
31
GitHub Actions
22
Go
2,119
Maven
5,000+
npm
3,778
NuGet
680
pip
3,459
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

232 advisories

Loading
SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and 7.11.7 has SSRF. Critical Unreviewed
CVE-2019-13335 was published May 24, 2022
An SSRF issue was discovered in the legacy Web launcher in Thycotic Secret Server before 10.7. Critical Unreviewed
CVE-2019-18355 was published May 24, 2022
An SSRF issue was discovered in Enghouse Web Chat 6.1.300.31. In any POST request, one can... Critical Unreviewed
CVE-2019-16948 was published May 24, 2022
A server-side request forgery (SSRF) vulnerability in the addCustomThemePluginRepository function... Critical Unreviewed
CVE-2020-35313 was published May 24, 2022
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before... Critical Unreviewed
CVE-2018-17452 was published Apr 16, 2023
In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing Critical Unreviewed
CVE-2022-48477 was published Apr 24, 2023
Certain HP LaserJet Pro print products are potentially vulnerable to Potential Remote Code... Critical Unreviewed
CVE-2023-35175 was published Jun 30, 2023
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Server Side Request Forgery... Critical Unreviewed
CVE-2023-1895 was published Jul 6, 2023
Precisely Spectrum Spatial Analyst 20.01 is vulnerable to Server-Side Request Forgery (SSRF). Critical Unreviewed
CVE-2022-42183 was published Jul 31, 2023
An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive... Critical Unreviewed
CVE-2023-42398 was published Sep 15, 2023
An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via... Critical Unreviewed
CVE-2023-41449 was published Sep 28, 2023
A server-side request forgery (SSRF) was discovered in the Akana Community Manager Developer... Critical Unreviewed
CVE-2024-2796 was published Apr 18, 2024
Moodle blind Server-Side Request Forgery (SSRF) vulnerability in LTI provider library Critical
CVE-2022-45152 was published for moodle/moodle (Composer) Nov 25, 2022
Moodle Blind SSRF Risk in /badges/mybackpack.php Critical
CVE-2019-3809 was published for moodle/moodle (Composer) May 13, 2022
lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability Critical
CVE-2024-32964 was published for @lobehub/chat (npm) May 10, 2024
yyzsec
Apache Karaf Cave: Cave SSRF and arbitrary file access Critical
CVE-2024-34365 was published for org.apache.karaf:cave (Maven) May 14, 2024
VuFind Server-Side Request Forgery (SSRF) vulnerability Critical
CVE-2024-25738 was published for vufind/vufind (Composer) May 22, 2024
A Server-Side Request Forgery (SSRF) vulnerability exists in the upload link feature of mintplex... Critical Unreviewed
CVE-2024-3149 was published Jun 6, 2024
LyLme_spage v1.9.5 is vulnerable to Server-Side Request Forgery (SSRF) via the get_head function. Critical Unreviewed
CVE-2024-36675 was published Jun 5, 2024
External server-side request vulnerability in MESbook 20221021.03 version, which could allow a... Critical Unreviewed
CVE-2024-6424 was published Jul 1, 2024
An issue was discovered in Teledyne FLIR M300 2.00-19. Unauthenticated remote code execution can... Critical Unreviewed
CVE-2023-46295 was published May 1, 2024
An issue was discovered in Logpoint before 7.4.0. Due to a lack of input validation on URLs in... Critical Unreviewed
CVE-2024-33857 was published May 7, 2024
Volmarg Personal Management System 1.4.64 is vulnerable to SSRF (Server Side Request Forgery) via... Critical Unreviewed
CVE-2024-29319 was published Jul 5, 2024
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen... Critical Unreviewed
CVE-2021-40438 was published May 24, 2022
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021... Critical Unreviewed
CVE-2021-34473 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database